1. Data Controller
Järvenpään Auto-Arita
Alhotie 8
04430 Järvenpää
2. Contact Person for Register Matters
Mei Uusimäki
Financial Director
Tel. +358 40 753 4479
E-mail: mei.uusimaki@catamount.fi
3. Name of the Register
Ceepos online payment interface
4. Purpose of Processing Personal Data
Personal data is collected, among other things, for order fulfillment, correct allocation of payments, identification of the customer and/or a person reported by the customer, verification of the customer’s service history and service rights, reporting, and marketing.
Information about software users is collected to define access rights and to monitor use. The software creates log data containing personal data for purposes such as reviewing software usage history and investigating problem cases.
5. Content of the Register
Personal data that may be stored in the registers includes:
General customer register: customer number, first name, last name, street address, postal town/city, telephone number, email address, order history, username, and direct marketing consent.
Order register: contact details, ordered products.
Mailing lists: email address.
Personal data is retained in the registers until it is deleted manually. Order data is retained until it is deleted manually or on a scheduled basis. Electronic receipt histories are retained until they are deleted manually, but in any case for at least six years.
6. Regular Sources of Information
Payment transactions are transmitted through interfaces by external systems integrated with the online store. As a general rule, the primary source of information is customers of the online store when placing orders, registering, and paying online.
7. Regular Disclosures of Data
Personal data is not disclosed to third parties. Personal data may be transferred to other systems of the data controller, such as point-of-sale systems, accounting, invoicing, and access control. Depending on the payment service provider, when an order is paid, the customer’s contact details may be transmitted to the payment system to facilitate problem handling and payment refunds.
8. Transfer of Data Outside the EU or EEA
Personal data is not transferred outside the EU or EEA.
9. Principles of Register Security
Software maintenance is protected with usernames and passwords, as well as user-group-specific access rights. Data in the database is protected with usernames and passwords, and data processing is restricted to use by the online store system only. Data stored on disks is protected with operating-system-level access rights. All data traffic between the system provider’s systems and between the online store and the payment service provider takes place over SSL-secured connections.
Remote maintenance access to the online store server is permitted only for server and system providers. The software provider has full access to review and delete all collected data.
10. Acceptance of Personal Data Processing
Making online store purchases and payments is regarded as acceptance of the processing of personal data, and separate consent from the consumer is not required to use the system. When personal data comes from an external system, acceptance of the processing of personal data is handled outside the online store system.
11. Right of Access
The data subject has the right to inspect the personal data concerning them stored in the register and to obtain copies of it. Requests for inspection must be submitted electronically or in writing to the register contact person.
12. Right to Request Correction of Data
The data subject has the right to request correction or deletion of incorrect information in the personal data register. Requests must be submitted electronically or in writing to the register contact person.
13. Other Rights Related to the Processing of Personal Data
The data subject has the right to prohibit the data controller from processing data concerning them for direct advertising, distance selling, other direct marketing, and market and opinion research.